
************************
create_threat_entity_set
************************



.. py:method:: GuardDuty.Client.create_threat_entity_set(**kwargs)

  

  Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your Amazon Web Services environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateThreatEntitySet>`_  


  **Request Syntax**
  ::

    response = client.create_threat_entity_set(
        DetectorId='string',
        Name='string',
        Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
        Location='string',
        ExpectedBucketOwner='string',
        Activate=True|False,
        ClientToken='string',
        Tags={
            'string': 'string'
        }
    )
    
  :type DetectorId: string
  :param DetectorId: **[REQUIRED]** 

    The unique ID of the detector of the GuardDuty account for which you want to create a threat entity set.

     

    To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`__ API.

    

  
  :type Name: string
  :param Name: **[REQUIRED]** 

    A user-friendly name to identify the threat entity set.

     

    The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).

    

  
  :type Format: string
  :param Format: **[REQUIRED]** 

    The format of the file that contains the threat entity set.

    

  
  :type Location: string
  :param Location: **[REQUIRED]** 

    The URI of the file that contains the threat entity set. The ``Location`` value must be in a valid Amazon S3 URL format. An invalid URL format results in an error, regardless of whether you activate the entity set. For more information about the format of location URLs, see `Format of location URL under Step 2\: Adding trusted or threat intelligence data <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-lists-create-activate.html>`__ in the *Amazon GuardDuty User Guide*.

    

  
  :type ExpectedBucketOwner: string
  :param ExpectedBucketOwner: 

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the ``Location`` parameter.

    

  
  :type Activate: boolean
  :param Activate: **[REQUIRED]** 

    A boolean value that indicates whether GuardDuty should start using the uploaded threat entity set to generate findings.

    

  
  :type ClientToken: string
  :param ClientToken: 

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  
  :type Tags: dict
  :param Tags: 

    The tags to be added to a new threat entity set resource.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ThreatEntitySetId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ThreatEntitySetId** *(string) --* 

        The ID returned by GuardDuty after creation of the threat entity set resource.

        
  
  **Exceptions**
  
  *   :py:class:`GuardDuty.Client.exceptions.BadRequestException`

  
  *   :py:class:`GuardDuty.Client.exceptions.InternalServerErrorException`
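
The following is an added example, not part of the boto3 documentation: it checks the request locally against the constraints listed above, pins ``ExpectedBucketOwner``, and creates the set with ``Activate=False`` so it can be reviewed before it generates findings. The helper names ``build_request`` and ``create_staged_set`` are hypothetical, the ``Location`` pre-check is an assumed approximation of the service's own validation, and the deterministic ``ClientToken`` is a design choice of this example.

```python
import re
import uuid
from urllib.parse import urlparse

FORMATS = {"TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")   # character set given for the Name parameter
ACCOUNT_RE = re.compile(r"\d{12}")        # AWS account IDs are 12 digits


def build_request(detector_id, name, fmt, location, bucket_owner, tags=None):
    """Validate locally and return kwargs for create_threat_entity_set."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("Name: letters, numbers, dash and underscore only")
    if fmt not in FORMATS:
        raise ValueError(f"Format must be one of {sorted(FORMATS)}")
    if not ACCOUNT_RE.fullmatch(bucket_owner):
        raise ValueError("ExpectedBucketOwner must be a 12-digit account ID")
    url = urlparse(location)
    # Assumed pre-check: s3://bucket/key, or an https URL on an amazonaws.com host.
    is_s3 = url.scheme == "s3" and bool(url.netloc)
    is_https = url.scheme == "https" and (url.hostname or "").endswith(".amazonaws.com")
    if not (is_s3 or is_https) or len(url.path) < 2:
        raise ValueError("Location must be an Amazon S3 URL that names an object")
    # Deterministic token: a retry of the same request reuses the same token.
    token = str(uuid.uuid5(uuid.NAMESPACE_URL, f"{detector_id}/{name}/{location}"))
    request = {
        "DetectorId": detector_id, "Name": name, "Format": fmt,
        "Location": location,
        "ExpectedBucketOwner": bucket_owner,  # pin the account that owns the bucket
        "Activate": False,                    # stage first, activate after review
        "ClientToken": token,
    }
    if tags:
        request["Tags"] = dict(tags)
    return request


def create_staged_set(client, **params):
    """Call the API with a validated request and return the ThreatEntitySetId."""
    try:
        resp = client.create_threat_entity_set(**build_request(**params))
    except (client.exceptions.BadRequestException,
            client.exceptions.InternalServerErrorException) as err:
        raise RuntimeError(f"GuardDuty rejected the request: {err}") from err
    return resp["ThreatEntitySetId"]
```

Pass a client from ``boto3.client('guardduty')`` created with administrator-account credentials, since only that account can manage entity sets.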

  